Archives: Incident Response Plan

Subscribe to Incident Response Plan RSS Feed

How an Incident Response Plan Can Reduce Your Cyber Insurance Costs

ponemon-institutePreparing for a breach can greatly reduce the cost of a breach according to the Ponemon Institute. Thus, insurers reward those organizations who have taken preparatory steps and implemented defensive measures such as an incident response plan and designated a team to execute that plan. An incident response plan will identify the actions that should be taken when a data incident occurs. Having an incident response plan can result in lower premiums.

Since securing cyber liability insurance is now a … Read More

Taft Incident Response Planning Webinar Nov. 4

An incident response plan can lead to a better roadmap for securing cost-effective cyber liability insurance and, consequently, lower costs associated with a data breach.

The adoption of an incident response plan is a major indicator to underwriters that an organization is sophisticated and understands that incidents do occur regularly within firewall perimeters and that the organization has an early detection, containment and eradication plan in place to manage incidents, thus protecting data more effectively.

Early detection minimizes the time … Read More

Why Benjamin Franklin Would Want to See Your Incident Response Plan

Ben-FranklinFire prevention elements played a large role in the planning of Philadelphia; streets were wider than average and brick and stone were common building elements. Despite these preventive measures and the efforts of firefighters, fires did still occur. Benjamin Franklin began to study this situation and stated “About this time I wrote a paper…on the different accidents and carelessness by which houses were set on fire, with cautions against them, and means purposed of avoiding them.” In 1736 Franklin and … Read More

The Most Common Breach Incident and How an Incident Response Plan Could Save You

Emailing A phishing attack is the leading type of data breach. Phishing is an e-mail fraud method in which the perpetrator sends out a legitimate-looking email in an attempt to gather personal and financial information from a recipient.

The logic behind this type of attack is a simple reliance on human error. Statistically, if enough e-mails are sent, a sufficiently large number of recipients, who are rushed or distracted, will fail to scrutinize the IP address. They will click on the … Read More

Why Do You Need an Incident Response Plan?

speedAll companies have employee, proprietary, financial and other sensitive data that require protection. Human error is still one of the most common causes of a data breach and that is very difficult, if not impossible, to completely eradicate.  Moreover, with the recent release of the Yates Memorandum from the Department of Justice (“DOJ”), the DOJ is emphasizing best practices when dealing with individuals in connection with corporate wrongdoing.  To quote my colleague, Jackie Bennett, “…now is the time to … Read More

Privacy and Data Security Attorneys Presenting at Three Upcoming Seminars

Northern Kentucky University’s Annual CyberSecurity Symposium
Oct. 9, 2015
NKY Mets Center
Matthew D. Lawless, presenter: “Considering Privacy and Data Security Harms.”

Technology First, 9th Annual Taste of IT Conference
Nov. 18, 2015
Sinclair Ponitz Center, Dayton, Oh
Diane D. Reynolds, panelist and Matthew D. Lawless, panel moderator.
“Cybersecurity Compliance: If it ain’t working for Anthem, Lifelock and Neiman Marcus, What am I Supposed to do for My Company?”

Indiana University Kelley School of Business’ “Indiana Read More

Corporate Boards: The Challenges and Risks of Maneuvering Through Cybersecurity

This is the first of a three-part series on the implications of cybersecurity threats on boards of directors. 

Now, more than ever, corporate boards face an immense challenge to ensure that their companies are prepared for cybersecurity threats before they occur.  It is not question of if a corporation will be hit by a cybersecurity incident or data breach, but when.

The Existing Cybersecurity Landscape and Associated Risks  

The landscape that corporate boards face has never been more treacherous, with … Read More

Threat Intelligence – What You Should Be Doing

Threat Intelligence is, very simply, network defense techniques that leverage knowledge (i.e. intelligence and counter intelligence) about adversaries so that organizations can build a superior information base which decreases the chances of an attacker compromising their networks. Gartner more specifically defines it as “Evidence-based knowledge, including context, mechanisms, indicators, implications and actionable advice about an existing or emerging menace or hazard to assets that can be used to inform decisions regarding the subject’s response to the menace or hazard.”

Vulnerability Read More

The Importance of an Incident Response Plan

Many data breaches have been in the news lately across many industries, such as:

  • Retail (e.g., Target, Home Depot)
  • Healthcare (e.g., Anthem, Premera)
  • Technology (e.g., AT&T, Apple)
  • Entertainment (e.g., Sony, Blizzard)
  • And others

While the types of attacks, exposed vulnerabilities, and type and number of records compromised all vary among these breaches, there is one thing in common to all: They all had to respond to the breach.

An Incident Response Plan (IRP) is a best practice that, unfortunately, … Read More

LexBlog